A hybrid cloud is a computing environment that utilizes both a private cloud (for example, an on-premises or private network) and a public cloud (for example, remote servers and software networks provided by a service provider). Privacy and security are key concerns when exchanging data between the private and public clouds.
To protect private and confidential data, a private network is generally protected by a network security system, such as a firewall. Communications in and out of the firewall need to match security criteria set by the firewall. Conventionally, virtual private networks (VPNs) have been used to give devices outside the private network authorized access, through the firewall, to devices inside the private network. Generally, once a VPN connection is established between a private network and a device outside the private network, the device outside the private network can access any device in the private network without the protection of the firewall.
In some instances, a device outside of a private network only needs to communicate specific requests for service, instructions, operations, or data with a specific subset of devices inside the private network. Conventionally, the firewall or VPN server is manually configured to limit the devices, data, software, or resources that a device outside the private network can access over the VPN.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.